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-The MAILING DATE of this communication appears on the cover sheet with the correspondence address 
THE REPLY FILED 07 January 2008 FAILS TO PLACE THIS APPLICATION IN CONDITION FOR ALLOWANCE. 

1 . ^ The reply was filed after a final rejection, but prior to or on the same day as filing a Notice of Appeal. To avoid abandonment of 

this application, applicant must timely file one of the following replies: (1) an amendment, affidavit, or other evidence, which 
places the application in condition for allowance; (2) a Notice of Appeal (with appeal fee) in compliance with 37 CFR 41 .31 ; or (3) 
a Request for Continued Examination (RCE) in compliance with 37 CFR 1.114. The reply must be filed within one of the following 
time periods: 

a) ^ The period for reply expires 4_months from the mailing date of the final rejection. 

b) □ The period for reply expires on: (1) the mailing date of this Advisory Action, or (2) the date set forth in the final rejection, whichever is later. In 

no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of the final rejection. 

Examiner Note: If box 1 is checked, check either box (a) or (b). ONLY CHECK BOX (b) WHEN THE FIRST REPLY WAS FILED WITHIN 

TWO MONTHS OF THE FINAL REJECTION. See MPEP 706.07(f). 
Extensions of time may be obtained under 37 CFR 1.136(a). The date on which the petition under 37 CFR 1.136(a) and the appropriate extension fee 
have been filed is the date for purposes of determining the period of extension and the corresponding amount of the fee. The appropriate extension fee 
under 37 CFR 1.17(a) is calculated from: (1) the expiration date of the shortened statutory period for reply originally set in the final Office action; or (2) as 
set forth in (b) above, if checked. Any reply received by the Office later than three months after the mailing date of the final rejection, even if timely filed, 
may reduce any earned patent term adjustment. See 37 CFR 1.704(b). 
NOTICE OF APPEAL 

2. □ The Notice of Appeal was filed on . A brief in compliance with 37 CFR 41 .37 must be filed within two months of the date of 

filing the Notice of Appeal (37 CFR 41 .37(a)), or any extension thereof (37 CFR 41 .37(e)), to avoid dismissal of the appeal. Since 
a Notice of Appeal has been filed, any reply must be filed within the time period set forth in 37 CFR 41 .37(a). 
AMENDMENTS 

3. □ The proposed amendment(s) filed after a final rejection, but prior to the date of filing a brief, will not be entered because 

(a) D They raise new issues that would require further consideration and/or search (see NOTE below); 

(b) C3 They raise the issue of new matter (see NOTE below); 

(c) □ They are not deemed to place the application in better form for appeal by materially reducing or simplifying the issues for 

appeal; and/or 

(d) □ They present additional claims without canceling a corresponding number of finally rejected claims. 

NOTE: . (See 37 CFR 1.116 and 41.33(a)). 

4. □ The amendments are not in compliance with 37 CFR 1.121. See attached Notice of Non-Compliant Amendment (PTOL-324). 

5. (ZI Applicant's reply has overcome the following rejection(s): . 

6. □ Newly proposed or amended claim(s) would be allowable if submitted in a separate, timely filed amendment canceling the 

non-allowable claim(s). 

7. □ For purposes of appeal, the proposed amendment(s): a) □ will not be entered, or b) □ will be entered and an explanation of 

how the new or amended claims would be rejected is provided below or appended. 
The status of the claim(s) is (or will be) as follows: 

Claim(s) allowed: . 

Claim(s) objected to: . 

Claim(s) rejected: . 



Claim(s) withdrawn from consideration: . 

AFFIDAVIT OR OTHER EVIDENCE 

8. □ The affidavit or other evidence filed after a final action, but before or on the date of filing a Notice of Appeal will not be entered 

because applicant failed to provide a showing of good and sufficient reasons why the affidavit or other evidence is necessary and 
was not earlier presented. See 37 CFR 1.1 16(e). 

9. □ The affidavit or other evidence filed after the date of filing a Notice of Appeal, but prior to the date of filing a brief, will not be 

entered because the affidavit or other evidence failed to overcome all rejections under appeal and/or appellant fails to provide a 
showing a good and sufficient reasons why it is necessary and was not earlier presented. See 37 CFR 41.33(d)(1). 

10. □ The affidavit or other evidence is entered. An explanation of the status of the claims after entry is below or attached. 
REQUEST FOR RECONSIDERATION/OTHER 

11 . £3 The request for reconsideration has been considered but does NOT place the application in condition for allowance because: 

See Continuation Sheet. 

12. □ Note the attached Information Disclosure Statement(s). (PTO/SB/08) Paper No(^. f\ f L 



13. □ Other: 
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Continuation of 1 1 . does NOT place the application in condition for allowance because: Examiner asserts that each and every limitation 
recited in the independent claims are disclosed by the reference/s on the record. 

Applicant's arguments filed 01/07/2008 have been fully considered but they are not persuasive. The examiner counters that a careful 
reading of the reference/s on the record reveals that the features that is argued by the applicant's representative is indeed taught by the 
passages cited in the pervious final office action. Furthermore the core/content of the argument presented is similar to the pervious 
argument. Thus examiner's pervious response is found to be applicable. 

Referring to independent claims, Applicant argued that limitations recited in the independent claims are not disclosed by the reference/s 
on the record namely by Ginter or Lampson individually or by the combinations of the reference/s. 

Examiner first would point out that Ginter on Column 55, lines 33-43, discloses the following which meets the limitation recited as 
"one or more business organizations." 

"Information utility" 200 in FIG. 1 can be a collection of participants that may act as distributors, financial clearinghouses, and 
administrators. FIG. 1A shows an example of what may be inside one example of information utility 200. Information utility participants 
200a-200g could each be an independent organization/business. There can be any number of each of participants 200a-200g. In this 
example, electronic "switch" 200a connects internal parts of information utility 200 to each other and to outside participants, and may also 
connect outside participants to one another." 

Furthermore, on column 303, lines 3-19, the following has been disclosed, which meets the limitation of "roles/functions in organizational 
structure." 

"In addition, the organization may desire to permit users to exercise control over specific documents for which the user has some defined 
responsibility. As an example, a user (the "originating user") may wish to place an "originator controlled" ("ORCON") restriction on a 
certain document, such that the document may be transmitted and used only by those specific other users whom he designates (and only 
in certain, expressly authorized ways). Such a restriction may be flexible if the "distribution list" could be modified after the creation of the 
document, specifically in the event of someone requesting permission from the originating user to transmit the document outside the 
original list of authorized recipients. The originating user may wish to permit distribution only to specific users, defined groups of users, 
defined geographic areas, users authorized to act in specific organizational roles, or a combination of any or all such attributes." 
Applicant's representative argued that Ginter et al, the reference on the record, fail to disclose the limitation recited as "organizing entities 
within the organizational structure as roles through associating the electronic representations of entities with electronic representations of 
roles". 

Applicant's representative further presented argument which is similar to the following argument pesented perviously. 
"The references to "role" in the cited portions of Ginter et al. are simply in apposite to the claim language since the claim recites more than 
the word "roles". For example, none of the cited portions of Ginter et al. references an organizational structure or organizing entities within 
that organizational structure by associating the electronic representations of entities with electronic representations of roles. Rather, the 
cited portions of Ginter et al. merely indicate the participants in the electronic commerce system of Ginter et al. may adopt different roles 
but provide no disclosure, teaching or suggestion of organizing entities, which have associated cryptographic capabilities, within an 
organizational structure, let alone organizing those entities by associating corresponding electronic representations as recited in claim 1." 
Examiner disagrees with the above argument. 

The Applicant has recited a method of control and maintenance of an operation organizational structure where various entities are 
associated with particular roles. 

As the office pointed out above Ginter et al discloses that user may wish to permit distribution only to specific users, defined groups of 
users, defined geographic areas, users authorized to act in specific organizational roles, or a combination of any or all such 
attributes."[See at least column 303, lines 3-19] 
Furthermore as it is explained in the previous office action, 

Ginter et al. discloses a massive commercial and organizational structure with cryptographic capabilities with a number of modules 
interacting. Ginter et al. is in essence, a complete cryptographic system disclosed with detail. The Applicant's central argument appears 
to be grounded around the assertion that 

"...none of the cited portions of Ginter et al. references an organizational structure or organizing entities within that organizational structure 
by associating the electronic representations of entities with electronic representations of roles." 

It is the office's position however that any cryptographic entity enabled in the technological arts, be it a smartcard system, a general client 
server authentication system, or an encrypted transaction system may be construed as an "organizational structure." 

It is furthermore the Examiner's position that any modules or subparts that server to enable the technological realization of a functional 
organization may be construed as an assignment of "roles" to these modules insofar as their functions, and therefore contribution to the 
organizational entity, dictate. 

An organization is simply an aggregation of interacting persons, or components to impel a specified directive or purpose. The interactions 
of these components with respect to that organization in forwarding that purpose has been construed by the Examiner to be their "role." 
In response to the Applicant's additional contention that Ginter et al. provides no disclosure, teaching or suggestion of organizing entities, 
which have associated cryptographic capabilities, within an organizational structure, let alone organizing those entities by associating 
corresponding electronic representations, it is the Examiner's position that the cryptographic modules of Ginter et al. in the rejection below 
recite these limitations and their organization by corresponding electronic representations embodied by their realization in Ginter et al by 
virtue of their enablement in the technological arts. 

For Example, paragraphs 1500-1502 of Ginter et al. disclose the usage of cryptographic keys in a "compare block" 3362A of Figure 67a. 
These cryptographic keys are further identified by Ginter et al. in paragraph 1502 as "important data structures." This reads upon the 
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Applicant's limitation of organizing entities with cryptographic capabilities with by associating corresponding electronic representations. In 
this case, the associating corresponding electronic representation is the data structure representing the cryptographic keys. 

(1500) A further attack technique in this example might involve comparing 
installed operational material 3472 software and data files among several 
different PPE 650 instances to identify important data structures, such as 
cryptographic keys (see "compare" block 3362A of FIG. 67A; and FIG. 67B, block 
3362). The resulting list of differences 3362B could be carefully analyzed 

(see FIG. 67A's magnifying glass 3362C) to obtain important clues, using 
analysis techniques such as described above. 

(1501) A further attack technique might involve comparing the memory and/or 
disk images of installed operational material 3472 software and data files in a 
single instance of PPE 650, after performing various operations using the PPE. 
This could serve to identify important data structures, such as cryptographic 
keys (see "compare" block 3362A of FIG. 67A; and FIG. 67B, block 3362), The 
resulting list of differences 3362B could be carefully analyzed (see FIG. 67A's 
magnifying glass 3362C) to obtain important clues, using analysis techniques 
such as described above. 

(1502) A further attack technique might involve analyzing the timing and/or 
order of modification to memory and/or disk images of installed operational 
material 3472 software and data files in a single instance of PPE 650, during 
the performance performing various operations using the PPE. This could serve 
to identify important data structures, such as cryptographic keys (see 
"compare" block 3362A of FIG. 67A; and FIG. 67B, block 3362). The resulting 
list of differences 3362B could be carefully analyzed (see FIG. 67A's 
magnifying glass 3362C) to obtain important clues, using analysis techniques 
such as described above. 

With respect to the Applicant's arguments of the rejections under 35 USC 103, Applicant's arguments have been fully considered but are 
not also persuasive. 

Referring to the independent claim 16, Applicant further presented argument which is similar to the following argument submitted 
previously. 

"None of the cited portions of Ginter discuss change of maintained electronic representations of entities within a business organization, or 
of characteristics (such as an entity's size, threshold for a quorum, or visibility (see. e.g., page 21 of the specification)) of entities within a 
business organization, or of relationships of entities within a business organization, let alone to do so upon any addition, deletion or 
modification of a characteristic or relationship of entities within a business organization." 
Examiner disagrees with the above argument. 

In response to applicant's argument that the references fail to show certain features of applicant's invention, it is noted that the features 
upon which applicant relies (i.e. characteristics such as an entity's size, threshold for a quorum, or visibility...,) are not recited in the 
rejected claim(s). Although the claims are interpreted in light of the specification, limitations from the specification are not read into the 
claims. See In re Van Geuns, 988 F.2d 1 181 , 26 USPQ2d 1057 (Fed. Cir. 1993). 

However, Examiner would point that the secondary reference on the record, Ginter et al, explicitly discloses an electronic 
embodiment of a system for control and maintenance of an operational structure including "changing the maintained electronic 
representation of said entities said characteristics and said relationships upon an addition, deletion or modification of a characteristic or 
relationship of the entities." paragraphs 164, 204, 209, 206 

Ginter, paragraph 164 

(164) VDEF transaction control elements reflect and enact content specific 
and/or more generalized administrative (for example, general operating system) 
control information. VDEF capabilities which can generally take the form of 
applications (application models) that have more or less configurability which 
can be shaped by VDE participants, through the use, for example, of VDE 
templates, to employ specific capabilities, along, for example, with capability 
parameter data to reflect the elements of one or more express electronic 
agreements between VDE participants in regards to the use of electronic content 
such as commercially distributed products. These control capabilities manage 
the use of, and/or auditing of use of, electronic content, as well as reporting 
information based upon content use, and any payment for said use. VDEF 
capabilities may "evolve" to reflect the requirements of one or more successive 
parties who receive or otherwise contribute to a given set of control 
information. Frequently, for a VDE application for a given content model (such 
as distribution of entertainment on CD-ROM, content delivery from an Internet 
repository, or electronic catalog shopping and advertising, or some combination 
of the above) participants would be able to securely select from amongst 
available, alternative control methods and apply related parameter data, 
wherein such selection of control method and/or submission of data would 
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constitute their "contribution" of control information. Alternatively, or in 
addition, certain control methods that have been expressly certified as 
securely interoperable and compatible with said application may be 
independently submitted by a participant as part of such a contribution. In 
the most general example, a generally certified load module (certified for a 
given VDE arrangement and/or content class) may be used with many or any VDE 
application that operates in nodes of said arrangement. These parties, to the 
extent they are allowed, can independently and securely add, delete, and/or 
otherwise modify the specification of load modules and methods, as well as add, 
delete or otherwise modify related information. 

Ginter paragraph 204 

Handlers in a pathway of handling of content 

control information, to the extent each is authorized, can establish, modify, 
and/or contribute to, permission, auditing, payment, and reporting control 
information related to controlling, analyzing, paying for, and/or reporting 
usage of, electronic content and/or appliances (for example, as related to 
usage of VDE controlled property content). Independently delivered (from an 
independent source which is independent except in regards to certification), at 
least in part secure, control information can be employed to securely modify 
content control information when content control information has flowed from 
one party to another party in a sequence of VDE content control information 
handling. This modification employs, for example, one or more VDE component 
assemblies being securely processed in a VDE secure subsystem. 

Referring to independent claim 52, Applicant's representative further presented argument which is similar to the following pervious 
argument. 

"Thus none of the cited portions of Ginter would disclose or teach the claimed 

database, let alone a maintenance system to maintain coordination between the database and cryptographic capabilities (which is not 
even referenced in the cited portions)." 
Examiner disagrees with the above argument. 

Even though applicant's is correct that the cited portion does not explicitly mention the database the feature is already disclosed by the 
reference preceding the citation. For instance, Examiner would like to point out that Ginter on column 8, lines 1-7 discloses the following. 
"VDE normally employs an integration of cryptographic and other security technologies (e.g. encryption, digital signatures, etc.), with other 
technologies including: component, distributed, and event driven operating system technology, and related communications, object 
container, database, smart agent, smart card, and semiconductor design technologies." 

Furthermore, for the 103 rejection, applicant's arguments against the references individually, Examiner would indicate that one cannot 
show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re 
Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). 
As to the argument made to the rest of the dependent claims, Examiner would point out that the dependent claims stands and falls with 
the corresponding independent claims. 

Some of the language that have been used in the independent claims are so broad which can be interpreted in various ways. Such 
limitations for instance includes but not limited to the following terms/limitations, "organizational structures", "cryptographic capabilities", 
"business organizations", "...associating the electronic representations of entities with electronic representations of roles" 

Applicant's representative could re-write the claims in such a way that the claims would have a specific meaning and overcomes the 
ground/s of rejection set forth in the pervious office actions. However in view of examiner's interpretation of the language of the claims, 
each limitation presently recited in the body of independent claims are undoubtedly disclosed by the reference/s on the record and the 
rejection is maintained. 
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